CVE-2025-64781
Unknown Unknown - Not Provided

Open Redirect Vulnerability in GroupSession Versions Before

Vulnerability report for CVE-2025-64781, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-12

Last updated on: 2026-02-17

Assigner: JPCERT/CC

Description

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-12
Last Modified
2026-02-17
Generated
2026-07-06
AI Q&A
2025-12-12
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
groupsession groupsession to 5.7.1 (exc)
groupsession groupsession to 5.7.1 (exc)
groupsession groupsession to 5.7.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in GroupSession Free edition, GroupSession byCloud, and GroupSession ZION prior to version 5.7.1. The initial configuration sets the "External page display restriction" to "Do not limit," which allows a user to be redirected to an arbitrary website when accessing a specially crafted URL.

Impact Analysis

The vulnerability can lead to users being redirected to arbitrary websites, which may result in phishing attacks or exposure to malicious sites. This can compromise user trust and potentially lead to further security issues such as information theft or malware infection.

Mitigation Strategies

Users are advised to update GroupSession to version 5.7.1 or later to mitigate this vulnerability. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64781. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart